Cyber crime isn't just targeting giant international conglomerates these days. A recent Verizon Data Breach Investigation Report showed that 72 percent of 855 external data breaches were at companies with 100 or fewer employees.
Here are four simple, practical tips to prevent cyber attack:
- Use stronger passwords.
This might sound far too obvious, but it works. The tougher the password, the tougher it is to guess. Educate employees on just what a strong password is — combos of letters, numerals and capitals. Then put these strong passwords on all your systems, smartphones, iPads and other devices. Change the default password on routers and point-of-sale equipment as well. Change all these passwords regularly. Larger firms have all employees change their password every 60-90 days, no exceptions.
- Know what you are defending.
Many small firms don't have a clear picture of their digital assets or where they reside. Get together with your IT people, even if it's one freelancer, and perform a data audit. Figure out what data comes in — work orders, customer information, credit card numbers; the data you create and store (designs, research notes); and the data that leaves (reports to clients).
Do a network audit on what devices you have connected to the Internet, your faxes and phone lines too.
72 percent of 855 external data breaches were at companies with 100 or fewer employees
When you have a clear picture of what and where your sensitive data is and who has access to it, put some rules in place.
- Have written rules.
A written information security policy or plan really is essential these days. Is it a lot of work? Maybe. That depends on how complex your firm is. But there can be a big upside here: many large firms require them from suppliers. In other words, you could beat out your competitors if you have a security policy and they don't.
- Enforce those rules.
No one likes to threaten employees. But if they seriously bend or break the rules, you need to let them know. And what's worse, calling a good employee on minor infractions or firing then replacing them with someone who needs to be trained from the ground up?
Let's hope you're never targeted. But being prepared for cyber attack is half the battle.
For more information on protecting proprietary information and trade secrets, plus combating inside threats from corrupt or disgruntled employees, check out this special live simulcast:
Cyber Security & Economic Espionage: Safeguarding Proprietary Information
Wed., Sept. 19, 8:00 a.m. to 11:00 a.m.
An FBI agent and an SBTDC counselor will be present at each of the five host locations (St. Louis, Springfield, Cape Girardeau, Rolla and Kansas City). This event is free and open to the public, however seating is limited, and pre-registration is required.
To register, call John Woodson at 573-341-7544 or send an email with name, address and phone number to email@example.com.
This story was featured in the August 2012 newsletter